CVE-2026-33005
MEDIUM
4,3
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.
Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.
This issue affects Apache OpenMeetings: from 3.10 before 9.0.0.
Users are recommended to upgrade to version 9.0.0, which fixes the issue.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 7 Days)
274
Improper Handling of Insufficient Privileges
DraftCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Alter Execution Logic
Applicable Platforms
All platforms may be affected
Application
Openmeetings by Apache
Version Range Affected
From
3.1.0
(inclusive)
To
9.0.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://www.openwall.com/lists/oss-security/2026/04/09/10
https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7
https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings…